Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-53


Apache Tomcat HTTP Connector Send File Processing Cache Error Lets Remote Users Obtain Potentially Sensitive Information on the Target System
Severity Rating: Medium
Systems Affected:
  • Apache Tomcat version 8.5.0 to 8.5.12, 9.0.0.M1 to 9.0.0.M18
Description
A vulnerability was reported in Apache Tomcat and can be exploited by remote attackers to obtain potentially sensitive information on the vulnerable system. The vulnerability exists due to an error which occurred in the HTTP connectors send file processing, causing the invoked Processor to be added to the cache twice. As a result, a remote user may view potentially sensitive information from the wrong response.
 
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Apache
 
References
Security Tracker
 
Tomcat Apache
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis